What is Medium Trust in Asp.net?

Question

What is Medium Trust in Asp.net? When should we use Medium Trust in Asp.net?

Answer 1

The most concise description I've seen is here:

• Full trust - your code can do anything that the account running it can do.
• High trust - same as above except your code cannot call into unmanaged code. i.e. Win32 APIs, COM interop.
• Medium trust - same as above except your code cannot see any part of the file system except its application directory.
• Low trust - same as above except your code cannot make any out-of-process calls. i.e. calls to a database, network, etc.
• Minimal trust - code is restricted from anything but the most trival processing (calculating algorithms).

Those are the big differences, were you interested in the minor details as well? The trust levels overall refer to what the code is allowed to do.

Answer 2

Medium trust still provides a constrained environment for isolating applications from one another and from shared server resources. Medium trust applications have no registry access, no event log access, and no ability to use reflection. Web access is limited to the network address that you define in the "trust" element, and file system access is limited to the application's virtual directory. keep in mind that you cannot edit your web.config by declaring that your Application use medium trust, if your application is coded to do something in the above list, it will still throw an error exception.